From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id BFB958BB7 for ; Wed, 16 Nov 2022 15:05:11 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 69494205DA for ; Wed, 16 Nov 2022 15:04:41 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 16 Nov 2022 15:04:38 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8BF7A44D6F for ; Wed, 16 Nov 2022 15:04:38 +0100 (CET) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Wed, 16 Nov 2022 15:04:29 +0100 Message-Id: <20221116140435.93067-1-f.ebner@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: =?UTF-8?Q?0=0A=09?=AWL 0.027 Adjusted score from AWL reputation of From: =?UTF-8?Q?address=0A=09?=BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict =?UTF-8?Q?Alignment=0A=09?=SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF =?UTF-8?Q?Record=0A=09?=SPF_PASS -0.001 SPF: sender matches SPF =?UTF-8?Q?record=0A=09?=URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [vzdump.pm, backup.pm] Subject: [pve-devel] [PATCH-SERIES manager] backup permission improvements X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2022 14:05:11 -0000 Currently, suffenciently privileged users may edit a backup job, but cannot run the very same job manually (via the vzdump API call). The first patch addresses this by removing the root-only restriction from retention and performance settings. Retention will require Datastore.Allocate on the target storage, because it's essentially removal of certain backups, while performance settings will require Sys.Modify on / which is the permission required to edit backup jobs. The next three patches are for deletion of parameters when updating a backup job. Allowing to only delete a setting (previously, update would fail if no parameter was set) and adding a check for the delete options. Patch 5/6 restricts backup editing by requiring that the user has appropriate permissions on the job's storage (and eventual newly set storage) as well as on the default 'local' storage when removing the storage. Jobs with a dumpdir can only be edited by root. This is a breaking API change, but requiring permission on the storage should be sensible and allows for more flexible permission configurations. The last patch introduces a helper to have the "what's the storage" logic in one place. Fiona Ebner (6): api: vzdump: soften parameter permission checks api: backup: update: turn delete into a hash api: backup: update: allow only deleting api: backup: update: check permissions of delete params too api: backup: require Datastore.Allocate on storage api: backup/vzdump: add get_storage_param helper PVE/API2/Backup.pm | 62 ++++++++++++++++++++++++++++++++++++++-------- PVE/API2/VZDump.pm | 32 ++++++++++++++++-------- PVE/VZDump.pm | 11 ++++++-- 3 files changed, 82 insertions(+), 23 deletions(-) -- 2.30.2